306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 02:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
Size

984KB
MD5

c421ee3d521a61b557faf2ac333a4a13
SHA1

d82e52bdc658a7791c9b702095503fc827df1bdb
SHA256

306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c
SHA512

ae400ba396170b025fa374e83396933df3eca8dca840ef93ce18cefddb9d250dd4f9cfc7cb0ad035c1cd6b145d91af6a0fcf80adf28e128bbf1001e7b5ecad65
SSDEEP

24576:LXR1haeADPk0y16909hO7Ev22wVcXNr0kP2:LXAzk0y7BDrzO

Score

6^/10

defense_evasion

Malware Config

Signatures

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
14	raw.githubusercontent.com
15	raw.githubusercontent.com

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 556 wrote to memory of 3680	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	83
PID 556 wrote to memory of 3680	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	83
PID 556 wrote to memory of 2420	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	84
PID 556 wrote to memory of 2420	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	84
PID 556 wrote to memory of 2184	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	85
PID 556 wrote to memory of 2184	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	85
PID 556 wrote to memory of 4816	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	86
PID 556 wrote to memory of 4816	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	86
PID 556 wrote to memory of 4544	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	87
PID 556 wrote to memory of 4544	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	87
PID 556 wrote to memory of 5092	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	88
PID 556 wrote to memory of 5092	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	88
PID 556 wrote to memory of 3264	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	93
PID 556 wrote to memory of 3264	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	93
PID 556 wrote to memory of 4372	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	97
PID 556 wrote to memory of 4372	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	97
PID 556 wrote to memory of 4916	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	98
PID 556 wrote to memory of 4916	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	98
PID 556 wrote to memory of 1436	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	99
PID 556 wrote to memory of 1436	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	99
PID 556 wrote to memory of 4620	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	101
PID 556 wrote to memory of 4620	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	101
PID 556 wrote to memory of 5008	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	102
PID 556 wrote to memory of 5008	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	102
PID 556 wrote to memory of 5096	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	104
PID 556 wrote to memory of 5096	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	104
PID 556 wrote to memory of 1472	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	105
PID 556 wrote to memory of 1472	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	105
PID 556 wrote to memory of 1748	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	106
PID 556 wrote to memory of 1748	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	106
PID 556 wrote to memory of 5084	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	107
PID 556 wrote to memory of 5084	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	107
PID 556 wrote to memory of 4624	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	108
PID 556 wrote to memory of 4624	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	108
PID 556 wrote to memory of 4532	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	109
PID 556 wrote to memory of 4532	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	109
PID 556 wrote to memory of 3272	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	110
PID 556 wrote to memory of 3272	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	110
PID 556 wrote to memory of 32	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	111
PID 556 wrote to memory of 32	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	111
PID 556 wrote to memory of 4876	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	112
PID 556 wrote to memory of 4876	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	112
PID 556 wrote to memory of 2712	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	113
PID 556 wrote to memory of 2712	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	113
PID 556 wrote to memory of 3244	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	114
PID 556 wrote to memory of 3244	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	114
PID 556 wrote to memory of 804	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	115
PID 556 wrote to memory of 804	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	115
PID 556 wrote to memory of 3580	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	116
PID 556 wrote to memory of 3580	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	116
PID 556 wrote to memory of 456	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	117
PID 556 wrote to memory of 456	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	117
PID 556 wrote to memory of 2496	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	118
PID 556 wrote to memory of 2496	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	118
PID 556 wrote to memory of 2288	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	119
PID 556 wrote to memory of 2288	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	119
PID 556 wrote to memory of 3572	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	120
PID 556 wrote to memory of 3572	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	120
PID 556 wrote to memory of 4876	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	121
PID 556 wrote to memory of 4876	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	121
PID 556 wrote to memory of 3248	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	122
PID 556 wrote to memory of 3248	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	122
PID 556 wrote to memory of 4088	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	123
PID 556 wrote to memory of 4088	556	306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe	123

C:\Users\Admin\AppData\Local\Temp\306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe
"C:\Users\Admin\AppData\Local\Temp\306d67cf900ab101028278f562b9d557ae0a89118f7e10b35a92f0d7bb074a0c.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_UserID
  2⤵
  PID:3680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_Update
  2⤵
  PID:2420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c mkdir RPr
  2⤵
  PID:4816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:4544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:5092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:3264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:4372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:4916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:1436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:4620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:5008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:5096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:1472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:1748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:5084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:4624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:4532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:3272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:32
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:4876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:2712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:3244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:3580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:2496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:2288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:3572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:4876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:3248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:4088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:4568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c del Cache_CS2_Offsets
  2⤵
  PID:4996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cache_CS2_Offsets

Filesize
798B

MD5
2e280239d980d34b4108b78987583aa4

SHA1
2f45c09514f0d5cb21d7d33c06e483f7015c1872

SHA256
8c08225f18fb33ed4e0ce7d4e43d52575a2aa716f69d90a11ee3666a7cbf48b5

SHA512
62f0c4596368db7583ea0ee31a546552414d17a66c2bebdb9f08754aaf99f6bdfc053f162471b2b5d2316a350165211074123eaa132e84f551a1253c61fdd11e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cache_Update

Filesize
172KB

MD5
20e14f5e69d621a8c6c880c7fb5d6790

SHA1
c20b55e9199915162f31f8a43bfb257732bcd3ed

SHA256
275a41007aba6f8d981be954c38190fd41bc857dcf7c652cf718d08fc11c0af5

SHA512
4213087fc22d0701e93b38075b50ee0b36913b5b077f064400d36cc702ea499dbbfca4c1b75bf057d5dd5bb331a0f51c388f6e2549d11f7e85b46f9b558c2e00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cache_UserID

Filesize
8B

MD5
3d95b7d20d2c6e98a27a0666d040d8cb

SHA1
6962e0bbfe8debe1ce5828354f9b886ab21240d6

SHA256
6be3c64d2c32c88aca033de1a285263f92723783e459abc570802e9114f0f75a

SHA512
e0cb5707aed71954ba791e0a7f47bd6ca29ad59982580509d3acea90eae0a3b4e6371166bc7546d171d85edfb5e68e84c1d2e284e4926100ab1d950af2dbf9f2

Download Submit